Re: Minor IE vulnerability: about: URLs

[Simon Kornblith <slists () simonster com>]

On 10/19/01 5:47 PM, "Pedro Miller Rabinovitch" <pedro () ciphertech com br>
wrote:

> At 17:13 +0200 19.10.01, Clover Andrew wrote:
> > Versions:
> >
> > Assume all versions of IE/Win are vulnerable. Status of IE under other
> > platforms is unknown. Versions tested:
> >
> > 4.72.3612.1713 (SP2; 3283)
> > 5.00.3315.1000 (SP2)
> > 5.50.4522.1800
> > 6.0.2600.0000
>
> I've confirmed the bug in the above.
>
> In MacOs 9.1, IE5 and IE4.5 do not expose the hidden about:
> 'feature'. Thus, they don't seem to be vulnerable.
>
> As a U.S. Senator recently said (as quoted by Wired magazine) on the
> whole security problem: "Use a Mac." ;-)
> (please take this comment with a truckload of salt. I *am* j/k)

I can also confirm that IE 5.1 for Mac OS X isn't vulnerable. It just shows
the entire thing in the title of the about box, even if you type in
about:</title>. Not sure if this was the same outcome as IE5 and IE4.5, it
probably was.

> > A Microsoft chap pointed out that sites can already break out of the
> > Restricted Sites Zone, simply by pointing at another site that is
> > not in that Zone.

Simon